QUOTE: Clicking “Allow” will give the scammer access to your Facebook data at any time and the application will be able to post to Facebook as you. This will allow them to spam their scam messages to all of your friends. This particular application is called “Pr0file Watcher”, but scams like this are known to use multiple Facebook apps. Anytime you install a third party Facebook application, you give the application developer access to your personal data. Always be very selective on the apps you install, and only install them from well-known, trusted sources.

QUOTE: We often have readers ask us questions about specific Facebook applications. Some apps generate an enormous amount of spam and can annoy your Facebook friends. Others are outright scams and should be avoided entirely. For example, any application offering to show you who has viewed your profile, who your Facebook stalkers are etc., are guaranteed to be fraudulent. Facebook doesn’t allow developers access to the data required to create apps like this.

QUOTE: Last week, we posted a blog informing Android users of the discovery of new versions of Android.Tonclank, which we have named Android.Counterclank. The blog generated a bit of discussion over whether these new versions should be a concern to Android users. When classifying applications, our focus is on whether users want to be informed of the application’s behavior, allowing them to make a more informed choice regarding whether to install it.

QUOTE: Security experts constantly warn you to avoid clicking links in tweets, emails, Facebook posts, and so on. Even if the sender is a friend, the link might have been added by a virus. So does that mean you can never check out the latest viral video? Sure, you can do that. Just check the URL with ZScaler’s free Zulu URL Risk Analyzer first.

QUOTE: It’s never too early to get ready for Valentine’s day, it seems, even when it comes to malicious attacks. Recently, I came across a scam in Facebook that leverages the upcoming occasion. The said attack begins with a post on affected users’ wall inviting other users to install a Valentine’s theme into their Facebook profile

Trend Labs documents early developments for malware attacks that exploit the Windows Media Player vulnerabilities patched under MS12-004 during the Microsoft January updates. Corporate and Home users should patch promptly and avoid all suspicious objects offered in email or websites

In the attack that we found, the infection vector is a malicious HTML which we found hosted on the domain, hxxp://images.{BLOCKED}p.com/mp.html. This HTML, which Trend Micro detects asHTML_EXPLT.QYUA, exploits the vulnerability by using two components that are also hosted on the same domain. The two files are: a MIDI file detected as TROJ_MDIEXP.QYUA, and a JavaScript detected as JS_EXPLT.QYUA.

QUOTE: What does your name mean? Find out Here – > Installing the application gives the developer access to your basic information. You are also asked on the next screen if you would like to give the application the ability to post to your Facebook Wall. (How nice of them to ask – usually they don’t give you the option The end game of the scam is the follow survey:

QUOTE:Symantec has discovered a new Android botnet that is still thriving in the Android Market and has already been downloaded several million times this year. The Trojan ‘Android.Counterclank’ was packaged in at least 13 free games published by three different publishers, making it harder to trace. Symantec notified Google on Thursday and at press time, 9 of the apps were still available in Google’s official app store.

According to Symantec researcher Irfan Asrar, ‘Counterclank’ can carry out commands from a remote control center on your mobile device. According to Symantec’s virus definition, it steals information and can potentially display ads on your device. “When the package is executed, a service with the same name may be seen running on a compromised device. Another sign of an infection is the presence of the Search icon above on the home screen,” Asrar wrote. No information on geographic scope has been given, but Asrar said that the sheer number of downloads, 1-5 million, makes it the most widespread piece of mobile malware found so far this year.

Users should avoid spam messages titled as “Banking security update” and in general be careful with all Spam email messages. A sophisticated HTML based attack has surfaced which uses a malicious JS agent. Plain text viewing of email messages may also improve user safety.

QUOTE: According to researchers at eleven, a German security firm, the new drive-by spam automatically downloads malware when an email is opened in the email client. The user doesn’t have to click on a link or open an attachment — just opening the email is enough. “The new generation of email-borne malware consists of HTML e-mails which contain a JavaScript which automatically downloads malware when the email is opened,” eleven says in a news release.”This is similar to so-called drive-by downloads, which infect a PC by opening an infected website in the browser.”

The current wave of drive-by spam contains the subject “Banking security update” and has a sender address with the domain fdic.com. If the email client allows HTML emails to be displayed, the HTML code is immediately activated. The user only sees the note “Loading…Please wait,” eleven says. In the meantime, the attempt is made to scan the PC and download malware.